PDPA Data Protection & Processing Terms

Effective Date: 11 November 2025

This document sets out how Vault Mark Co., Ltd. (“Vault Mark”, “we”, “us”, “our”) collects, uses, stores, discloses, transfers and otherwise processes Personal Data in accordance with the Thailand Personal Data Protection Act B.E. 2562 (PDPA) and applicable regulations.

1. Definitions

  • Personal Data: any data about an identified or identifiable natural person.
  • Sensitive Personal Data: personal data revealing racial or ethnic origin, religious beliefs, health data, biometric data, etc.
  • Processing: any operation or set of operations performed on Personal Data.
  • Controller: the party determining the purposes and means of Processing.
  • Processor: the party processing Personal Data on behalf of the Controller.
  • Data Subject: the individual whose Personal Data is processed.

2. Purposes of Processing

We process Personal Data to:

  • Provide digital marketing, SEO, advertising, analytics, and related services.
  • Manage client relationships, contracts, billing, and communications.
  • Conduct marketing, promotions, retargeting, and service-related communications.
  • Improve website performance, user experience, security, and fraud prevention.
  • Comply with legal, regulatory, or contractual obligations.

3. Types of Personal Data Collected

We may collect:

  • Identity data: name, job title, organization.
  • Contact data: email, phone, postal address.
  • Technical data: IP address, browser type, device identifiers, cookies.
  • Service data: contract details, preferences, communications.
  • Marketing data: preferences and consent records.
  • Other data voluntarily provided.

We do not process Sensitive Personal Data unless strictly required and permitted by law.

4. Legal Bases for Processing

We rely on the following legal bases:

  • Contractual necessity: to provide agreed services.
  • Legal obligation: to comply with laws and regulations.
  • Legitimate interest: to operate and improve our business, provided rights are not overridden.
  • Consent: where required, such as for certain marketing.

5. Disclosure of Personal Data

We may share Personal Data with:

  • Service providers, vendors, cloud hosts, analytics platforms.
  • Business partners and affiliates assisting in service delivery.
  • Legal, regulatory, or government authorities when required.
  • Successors in case of business transfer or acquisition.

We do not sell or rent Personal Data to third parties.

6. Cross-Border Transfers

If we transfer Personal Data outside Thailand, we will ensure suitable safeguards are in place, such as:

  • Jurisdictions with adequate data protection standards.
  • Data protection agreements or binding obligations.

7. Data Retention

Personal Data is retained only as long as necessary for:

  • The purposes outlined in this policy.
  • Legal or regulatory compliance.
  • Establishing or defending legal claims.

Once no longer needed, data will be deleted, anonymized, or securely destroyed.

8. Data Security

We implement appropriate technical and organizational measures to safeguard Personal Data, including:

  • Secure servers, encryption, firewalls.
  • Access controls and staff training.
  • Regular security reviews and updates.

9. Your Rights under PDPA

You have the right to:

  • Access: request a copy of your Personal Data.
  • Rectify: correct inaccurate or incomplete data.
  • Erase: request deletion or anonymization.
  • Restrict: limit certain data uses.
  • Object: oppose certain processing, including direct marketing.
  • Data portability: request data transfer in a structured format.
  • Withdraw consent: revoke previously given consent.
  • Complain: submit a complaint to the PDPC if rights are infringed.

Requests can be submitted using the contact details below. Proof of identity may be required.

10. Consent Withdrawal

Where consent is the legal basis for data processing (e.g. for marketing), you may withdraw your consent at any time. Withdrawal may impact certain services.

11. Policy Updates

We may update this policy periodically. Material changes will be communicated via our website. Continued use of our services signifies your acceptance of the updated policy.

12. Contact Us

Vault Mark Co., Ltd.
725 S-Metro Building, Sukhumvit Road, Khlong Ton Nuea, Watthana, Bangkok 10110, Thailand
Phone: +66 (0) 2096-6489
Email: info@vaultmark.com
Data Protection Officer: Ms.Kwanmanat Thammasatta (Operations & Compliance Lead)